PT-2019-14593 · Google+1 · Android Debug Bridge+1

Published: 2019-11-26 · Updated: 2020-08-24 · CVE-2019-16241

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TCL Alcatel Cingular Flip 2 version B9HUAH1

Description

The issue allows PIN authentication to be bypassed on the device by creating a specific file within the /data/local/tmp/ directory. The System application responsible for the lock screen checks for the existence of this file and disables PIN authentication if it is found. This file can typically be created using Android Debug Bridge (adb) over USB.

Recommendations

For version B9HUAH1, as a temporary workaround, consider restricting access to the /data/local/tmp/ directory to prevent the creation of the specific file that disables PIN authentication. Additionally, restrict the use of Android Debug Bridge (adb) over USB to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2019-16241

Affected Products

Android Debug Bridge
TCL Alcatel Cingular Flip 2